Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Sysadmin cracked military PC’s security by reading the manual

All it took was a three-fingered salute and some autoexec.bat action

On-Call Welcome once more to On-Call, The Register’s attempt to make Fridays tolerable by bringing you fellow readers’ tales of terrifying tech support jobs they somehow survived.

This week, meet “Guy”, who told On-Call he grew up in the golden age of the microcomputer, meaning that by the time he joined his local Army National Guard unit he was familiar with machines like the TRS-80, Ti-99/4A, C-64 and Apple II.

One day National Guard HQ delivered a new PC to Guy’s unit. His prior experience meant he was given the job of making it work.

His problems started immediately because Guy’s superior “explained that the guys from HQ had set everything up, but had forgotten to give them the password to get into the system.”

The PC in question was a Zenith Data Systems 286 that Guy powered up after “throwing the big toggle switch on the side, waiting a while for a lovely green screen with a menu would pop up.”

pills, pills, pills

Drug cops stopped techie's upgrade to question him for hours. About everything

READ MORE

Without a password, nothing else was possible at that point.

Guy figured there had to be a way around that impasse, so “looked at the system, tried variations of CTRL-C, CTRL-BREAK and CTRL-ALT-DEL. Nothing seemed to work. So, I asked for the manual, started looking through it, and started laughing.”

Why the chuckles? Because “Zenith Data Systems at the time had a lovely diagnostic set built into ROM. To access it, all you had to do was hit CTRL-ALT-INSERT instead of CTRL-ALT-DEL.”

And one of the diagnostic options available after CTRL-ALT-INSERT was “a boot to command prompt, bypassing the autoexec.bat file”.

Guy told us he “happily did the CTRL-ALT-INSERT, got to the command prompt, made a backup copy of the autoexec.bat file and wrote another .bat file to put everything back the way I'd found it, and removed the password bits from the autoexec.bat file.”

But Guy’s clever effort seemed to have been in vain, because just as he was finishing, a call came in from HQ with the password.

Guy’s boss “laughed and told them that one of his guard members was able to bypass the entire ‘security system’ and access the PC”.

Which was when Guy was told to “wait here” while a rather serious discussion started about his exploits.

“I'll admit to being a bit nervous about it, but figured I was asked to do it by an officer higher in rank than me, so I hadn't had a choice.”

Guy’s nervousness was the right reaction, because he was soon subjected to quite the grilling by his superiors.

His response was to “meekly raise my hand and say ‘I read the manual’.”

Which didn’t go down well, so Guy “pulled out the manual, opened it to the page on diagnostics, read the applicable section, then went through the steps.”

“Their jaws just dropped, speechless, staring. They'd been assured that no one could get past the security in the autoexec file since CTRL-C.”

Guy was then asked to restore the PC to its seemingly secure state and told not to say anything about his finding to anyone.

Several months later, folks from National Guard HQ returned, “opened the skin of the PC system and replaced a ROM chip”. And with that, Guy’s exploit became impossible.

“I found out later that I'd gotten a commendation for finding the vulnerability and reporting it,” Guy concluded.

On-Call assumes whoever signed off on the purchase got the opposite!

Have you cracked the surely-not-crackable? If so, click here to write to On-Call and perhaps we’ll feature your story here on a future Friday. ®

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like